Dear Sir:



Applicant requests review of the final rejection in the above-identified application. No 
amendments are being filed with this request. 

This request is being filed with a Notice of Appeal. 

It is respectfully submitted that the obviousness rejection of claim 10 over Bahl and Coile 
is erroneous. 

To make a determination under 35 U.S.C. § 103, several basic factual inquiries must be 
performed, including determining the scope and content of the prior art, and ascertaining the 
differences between the prior art and the claims at issue. Graham v. John Deere Co., 383 U.S. 1, 
17, 148 U.S.P.Q. 459 (1965). Moreover, as held by the U.S. Supreme Court, it is important to 
identify a reason that would have prompted a person of ordinary skill in the art to combine 
reference teachings in the manner that the claimed invention does. KSR International Co. v. 
Teleflex, Inc., 127 S. Ct. 1727, 1741, 82 U.S.P.Q.2d 1385 (2007). 

Claim 10 recites a method for maintaining secure network connections, comprising: 

• duplicating, at a third network element, a security association associated with a secure 
network connection between a first network element and a second network element, 
wherein a lookup of the security association associated with the secure network 
connection is not dependent on any destination address; and 

• in response to detecting failure of the second network element, replacing the second 
network element with the third network element in the secure network connection with 
the first network element, wherein the secure network connection between the first
network element and the third network element is based on the duplicated security 
association. 

The Office Action cited Bahl as purportedly disclosing duplicating, at a third network 
element, a security association associated with a secure network connection between a first 
network element and a second network element. 

In the rejection, the Office Action identified the mobile host 70 or 120 (Fig. 2 or 3 of 
Bahl) as being the "first network element" of claim 10, and identified the correspondent host 72 
or 122 (Fig. 2 or 3 of Bahl) as being the "second network element" of claim 10. 02/22/2010 
Office Action at 2. Moreover, the Office Action pointed to the "new mobile address" mentioned 
in the abstract of Bahl as being the "third network element" of claim 10. The abstract of Bahl 
refers to a mobile host changing to a new address. The abstract of Bahl states that the system 
and method described in Bahl provides mobility support to handle address changes of the mobile 
host to provide transparent session continuity when the mobile host changes to a new address. 

The Response to Arguments section of the Office Action argued that "network element" 
can be "given the broadest reasonable claim interpretation." Id. at 6. According to the Office 
Action, a "new address" can constitute a "network element" as recited in the claim. It is 
respectfully submitted that such an interpretation constitutes an unreasonable and erroneous 
interpretation. A network address identifies a network element — however, a network address 
cannot be a network element, as alleged by the Office Action. In fact, the interpretation of 
"network element" adopted in the Office Action is inconsistent with usage of the terms within 
the present application, which is a clear indication that the interpretation adopted by the Office 
Action is unreasonable and erroneous. For example, the specification notes that a secure 
connection is initiated between two network elements, and that these network elements first 
negotiate a security association to protect further negotiations. Specification, page 2, lines 5-7. 
Moreover, the specification also notes that the IP address together with an SPI and a security 
protocol are used to uniquely identify a security association. Id., 2:10-13. Various network 
elements are listed on page 9 of the specification, where the network elements can include a 
security gateway, such as a router, a firewall, or a server, or the network elements can include a 
mobile client. Id., 9:10-16. Reference is also made to a secure network connection between the 
mobile client and the security gateway. Id., 9:17-12:19. The foregoing cited passage also refers 
to IP addresses associated with the mobile client and security gateway. Moreover, Fig. 4 of the
present application also shows a system 400 that depicts the typical components of either a 
mobile client or a security gateway, where the system 400 includes a processor module 402 that 
can detect "its IP address change, store the old and new addresses," Id., 13:18-21. In view of
the foregoing, it is respectfully submitted that it is clear that when the claims are properly 
construed in light of the specification, a "network element" cannot be a network address, as 
alleged by the Office Action. 

In fact, the Office Action did acknowledge that a prior Office Action did indicate that a 
"new address" cannot be the "third network element" of claim 10, where the third network 
element can replace the second network element in the secure network connection with the first 
network element, as recited in claim 10. 02/22/2010 Office Action at 6. 

As purportedly disclosing claimed subject matter conceded to be missing from Bahl, the
Office Action cited Coile, and specifically a backup network device 120 shown in Figure 1 of
Coile. Coile refers to transferring a network function from a primary network device to a backup 
network device when it is detected that the primary network device has failed. However, this has 
nothing to do with the subject matter of claim 10, which refers to replacing the second network 
element with a third network element in the secured network connection with the first network 
element, where the secure network connection between the first network element and the third 
network element is based on the duplicated security association. Nowhere in Coile is there any 
hint provided of replacing one network element with another network element in a secure 
network connection and then maintaining the secure network connection based on a duplicated 
security association. 

In view of the foregoing, even if Bahl and Coile could be hypothetically combined, the 
hypothetical combination of references would not have led to the claimed subject matter. 

Moreover, no reason existed that would have prompted a person of ordinary skill in the 
art to combine the teachings of Bahl and Coile. 

Bahl refers to a change of address of a mobile host as the mobile host moves around. 
Bahl describes how a secure connection can be maintained between the mobile host and a 
correspondent host even though the address of the mobile host has changed. This teaching of 
Bahl has nothing to do with the subject matter of claim 10, which relates to detecting failure of a 
second network element (to which the first network element has established a secure network 
connection that is associated with a security association) and replacing the second network
element that has failed with a third network element in the secure network connection with the 
first network element. Maintaining a secure connection in response to a change of address of a 
mobile host, as taught by Bahl, has nothing to do with detecting failure of the second network 
element and replacing the second network element with a third network element in the secure 
network connection with the first network element, as recited in claim 10. Moreover, Coile 
provides absolutely no hint whatsoever that its failover mechanism would maintain a secure 
network connection that is based on a duplicated security association. In view of the foregoing, 
it is clear that a person of ordinary skill in the art would have found no reason to combine the 
teachings of Bahl and Coile to achieve the claimed invention. 

Therefore, it is respectfully submitted that the obviousness rejection of claim 10 is in 
error. Independent claim 22 is similarly allowable over Bahl and Coile. 

Independent claim 12 recites a method for maintaining secure network connections, 
comprising: 

• configuring a plurality of security gateways such that a lookup of security 
associations is not dependent on any destination address; and 

• sharing a security association among the plurality of security gateways. 

Claim 12 recites sharing a security association among a plurality of security gateways. 
The Office Action cited security associations 84 and 86 and the IPsec/ISAKMP security 
associations of Bahl as being shared among a plurality of security gateways (which the Office 
Action equated to correspondent hosts (or servers 112a and 112b disclosed in Coile)). 
02/22/2010 Office Action at 3. The security association 84 of Bahl resides in the correspondent 
host 72, while the security association 86 resides in the mobile host 70. Similarly, the ISAKMP 
security association 142 in Fig. 3 of Bahl resides in the mobile host 120, while the ISAKMP 
security association 146 resides in the correspondent host 122. In each of Figs. 2 and 3 of Bahl, 
a secure connection associated with a particular security association is maintained between a 
mobile host and a correspondent host. There is absolutely nothing in Bahl that would even 
remotely hint at sharing a security association at multiple security gateways. In other words, 
different security associations in a correspondent host in Bahl would correspond to different 
secure connections with different mobile hosts. Therefore, there would be no sharing of a 
security association among a plurality of security gateways. 

Coile also makes absolutely no mention of sharing a security association among a
plurality of security gateways. 

Therefore, even if Bahl and Coile could be hypothetically combined, the hypothetical 
combination of the references would not have led to the claimed subject matter. Moreover, a 
person of ordinary skill in the art would not have been prompted to combine the teachings of 
Bahl and Coile to achieve the subject matter of claim 12, since the concept of sharing a security
association among a plurality of security gateways does not exist in Bahl or Coile. 

The obviousness rejection of claim 12 is therefore also defective. 

Dependent claims are allowable for at least the same reasons as corresponding 
independent claims. 

In view of the foregoing, it is respectfully requested that the final rejections of the claims 
be withdrawn. The Commissioner is authorized to charge any additional fees and/or credit any 
overpayment to Deposit Account No. 14-1315 (16483BAUS01U). 

Respectfully submitted, 

Date: July 22, 2010 /Dan C. Hu/

Dan C. Hu 

Registration No. 40,025 
TROP, PRUNER & HU, P.C. 
1616 South Voss Road, Suite 750 
Houston, TX 77057-2631 
Telephone: (713) 468-8880 
Facsimile: (713) 468-8883